Quickly enough to warrant an unprecedented reaction from financial authorities.
At the beginning of the year in our Financial Markets Regulatory Outlook for 2018, we predicted that the rapidly proliferating kinds of cyber risk faced by banks and other financial firms would drive authorities in the UK and Eurozone to take a much more active approach to building cyber resilience in the financial sector.
And, indeed, by the middle of the year, we’ve seen them do exactly that.
In April, the European Central Bank proposed a detailed framework for evaluating the cyber resilience of Europe’s financial market infrastructures, and followed that up a month later with a template for coordinating cross-border testing on Eurozone firms' cyber defences. In the UK, the Financial Policy Committee announced in June that it would begin conducting cyber resilience tests on systemically significant firms in 2019 and, shortly after, UK regulators published a Discussion Paper on how the financial sector should improve their resilience to operational and IT failures when they occur.
As regulatory practices responding to cyber risk grow, regulators will have to remain alert to just how swiftly the cyber risks that firms face can change, and ensure that the regulatory approach they design is dynamic enough to change with it. The rapid increase in crypojacking versus ransomware attacks in the last year is just one example of how rapidly the cyber terrain can mutate.
It almost goes without saying; this isn’t a trend we expect to see the end of anytime soon.